- Use locally-generated certificate chain in local tests rather
than the Twitter one, which changes regularly and breaks the
test suite unnecessarily. Fixes RT#129201. Thanks to Petr Písař
for the report and patch, and Steffen Ullrich for an alternative
patch suggestion.
- In t/local/09_ctxnew.t, rather than checking that the functions
(CTX)get_min_protoversion and (CTX)get_max_proto_version return
0x0000 (indicating the lowest and highest versions supported by
libssl respectively, which is not the case if a run-time
configuration is enforcing a different minimum or maximum), just
check whether the returned value is one of those mentioned on the
SSL_CTX_set_min_proto_version(3) man page. Partially fixes
RT#128025. Thanks to Slaven Rezić and Dmytro Zagashev for the
downstream reports.
- Move from 1024-bit keys/certificates to 2048-bit keys/certificates
across the entire test suite. This removes the need to manually
set the security level to 1 in tests that used the old keys, and
fixes large numbers of test failures on modern Linux distributions
that set the minimum OpenSSL security level to 2. Fixes RT#126270
and the remainder of RT#128025. Thanks to Petr Písař and Slaven
Rezić for the downstream reports.
- In t/local/06_tcpecho.t and t/local/07_sslecho.t, connect to
127.0.0.1 instead of localhost. This fixes these tests when
executed inside a network sandbox that disrupts the behaviour of
gethostbyname(). Fixes RT#128207. Thanks to Kent Fredric for the
downstream report.